dissect.target.plugins.os.windows.services

Module Contents

Classes

ServicesPlugin

Services plugin.

Attributes

ServiceRecord
SERVICE_ENUMS
RE_PATH_SPLIT
RE_PATH_SPLIT_FALLBACK

dissect.target.plugins.os.windows.services.ServiceRecord

dissect.target.plugins.os.windows.services.SERVICE_ENUMS

dissect.target.plugins.os.windows.services.RE_PATH_SPLIT

dissect.target.plugins.os.windows.services.RE_PATH_SPLIT_FALLBACK

class dissect.target.plugins.os.windows.services.ServicesPlugin(target: dissect.target.Target)

Bases: dissect.target.plugin.Plugin

Services plugin.

KEY = 'HKLM\\SYSTEM\\CurrentControlSet\\Services'

check_compatible()

Perform a compatibility check with the target.

This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.

Raises:

UnsupportedPluginError – If the plugin could not be loaded.

services()

Return information about all installed services.

The HKLMSYSTEMCurrentControlSetServices registry key contains information about the installed services and drivers on the system.

Sources:

• https://artifacts-kb.readthedocs.io/en/latest/sources/windows/ServicesAndDrivers.html

Yields ServiceRecords with fields:

hostname (string): The target hostname. domain (string): The target domain. ts (datatime): The last modified timestamp of the registry key. name (string): The service name. displayname (string): The service display name. servicedll (uri): The service dll. imagepath (uri): The service image path. objectname (string): The object under which the service runs (for example LocalSystem) start (string): The service start field. type (string): The service type field. errorcontrol (string): The service error control field.